12 Key Findings from “The Global State of Information Security”

March 8, 2017

PwC Global recently released their annual infosec research “The Global State of Information Security Survey 2017.” The survey is global in scope, covers a broad range of industry verticals, and has strong participation with more than 10,000 respondents, with 48 percent from organizations with revenue of $500 million+. Last week, I had the opportunity to attend the Technology Association of Georgia (TAG) event hosted by PwC to review the findings of the 19th annual information security survey.

One key trend that organizations are seeing is the dramatic increase in complexity – from an increasing attack surface due to Mobile and IoT adoption to new regulations that require more controls. What is becoming clear is that security programs must focus on fundamentals such as employee training, cutting-edge policies and controls, and an organizational commitment to readiness and resilience.

Changes in the retail business model away from brick and mortar to online sales may be a contributing factor to the decreased investments in Cybersecurity, since Point of Sale (POS) investments are diminished.

Interestingly, Telecommunications also saw a dramatic increase (70%) in the number of incidents.

4. Top 3 Drivers of InfoSec spending:

Internet of Things (IoT) security

New security requirements as business models evolve

Need for improved collaboration between business, digital, and IT

5. Top Attack Vectors

Phishing

Mobile devices

Consumer technology

Operating Technology (Industrial Control Systems)

6. Insider incidents are still the #1 source of security incidents; however, the gap between insider and external incidents is closing. The forecast is that external threats will surpass insider incidents in the next 2-3 years.

7. Cybersecurity Governance is evolving. This topic came up at MIT EF’s “2017 Trends in Cybersecurity” as well, where CISOs are reporting to the CEO directly instead of the CIO. Boards are getting smarter on security and engaging more in providing governance oversight to the enterprise.

Cloud Security

8. “Cloud First Strategy” for small to mid-sized firms. [My two cents: Just as mobile adoption has leap-frogged land line adoption in developing countries, we are seeing younger companies that are building out their infrastructure using the Cloud, bypassing the on-prem data center.]

9. For larger organizations, as their infrastructure ages, they have the opportunity to move to the cloud vs. upgrading their systems in-house. [My two cents: The implication for larger organizations is that they risk becoming a dinosaur that is easily out-maneuvered by new entrants that are more nimble and efficient.]

10. The biggest challenge with the move to the Cloud is Governance and Control of applications, data, and security.

Privacy

11. The EU’s new General Data Protection Regulation (GDPR) is the game changer in privacy for companies doing business in the European Union. Key factors in the law are its:

Broad Scope – defines baseline data privacy for the entire EU and is a LAW, not a directive

Large Impact – If you do business in the EU, you must comply. The cost to implement the proper controls will be very high.

Risk of Non-Compliance – Penalties for non-compliance are very high (up to 4% of annual revenue) and the law makes it easier to bring class-action lawsuits.

12. The most significant risk is to big data companies, such as Google, Facebook, and other social media companies.

Conclusion

As Thomas Aquinas so elegantly stated: “A small error at the beginning of something is a great one at the end.” Running a disciplined program across people, process, and technology is key to staving off cyber threats with any degree of success. While investments may wax and wane as regulations and the threat landscape alters, the weakest part of security is the end user. Investments in training, policy, and end user education are still your best bet in managing these risks.

By going to work quickly to solve the most challenging cybersecurity and identity management problems, Idenhaus takes the pain out of securing corporate information and assets for companies that aspire to maximize their potential in this digital age. Contact us today!